
The cyber threat in alternative finance




By Ryan Weeks on 15th March 2016

Christiaan Colen, https://goo.gl/eQaTo6

Are alternative finance providers prepared for the dangers of cyber crime?

 

The words “cyber crime” are enough to send a shiver down the spine of anyone involved in running a company with a significant online presence. And yet when we come to discussing the major threats faced by the alternative finance sector, hacking rarely seems to get a mention. Far more prevalent in industry discourse are mispricing, platform failure, fraud and regulatory backlash. Is the danger of cyber crime getting the airtime that it deserves?

 

The alternative finance sector represents a prime target for hackers. Stacks and stacks of customer data flow through the many platforms, as does an increasingly large volume of client money (much of it invested by retail investors). How resilient are these platforms to the threat of digital attack?

 

Of course, the issue is not confined to the alternative finance space. In PwC’s 18th Annual Global CEO Survey 2015, 79% of the bosses surveyed cited cyber threats and a lack of data security as a key threat to growth. 

 

PwC has done a lot of work in this space over the past few years. As of February this year, the firm had performed ethical hacking duties for as many as 20 different peer-to-peer lending platforms. We hear that these tests threw up “significant findings”. PwC has repeatedly warned that a high profile incident of cyber crime within the alternative finance space is somewhat inevitable.

 

Fergus Lemon of PwC conceded in a past column that online financial services providers “are always going to be high priority targets for hackers due to the nature and value of the data they hold”. However, he sees the alternative finance industry’s current level of engagement with ethical hacking service providers as an encouraging sign for the future.

 

The alternative finance industry is still attempting to force its way irrevocably into the mainstream of financial services. The advent of the Innovative Finance ISA in the UK – set for 6 April – will be a pivotal factor in accelerating that charge. But trust is the key. The UK’s peer-to-peer sector – led by consumer lending outfit Zopa – has gone above and beyond to propagate customer trust. In the early days, Zopa was über conservative around credit assessment, and delivered positive returns to investors throughout the 2008 downturn. Funding Circle was the first platform to publish its full loan book online, and seven other platforms in the UK P2P space have since followed suit. The industry’s reputation has been carefully sculpted over more than a decade. One prominent instance of cyber attack could see that reputation unraveled.

 

On 21 October last year, TalkTalk fell victim to a cyber attack that saw over 156,959 customer details stolen. We’ve since learnt that the incident cost the firm up to £35m. As is to be expected, the attack also resulted in a marked decline in the company’s reputation. TalkTalk’s YouGov BrandIndex score fell off of a cliff in the immediate aftermath of the incident. At so early a stage in its development, it’s unclear whether the alternative finance industry could stomach such a blow. One hopes it won't have to. 

Comments

Gary Robertson

23 Mar 2016 12:31am

Any platform that does not engage a third party penetration testing company to have a go at its site regularly is probably wide open. Some platforms have laughably poor software that has obviously had very little money or transaction processing expertise applied to it. For example eMoneyUnion's site runs on a clumsily modified version of the WordPress blogging software, which was not designed for secure transaction processing at all. Until specialist, experienced software developers hold positions at the most senior level and have their concerns taken seriously and encouraged, rather than treated as mere naysaying, these platforms are very vulnerable. It's a case of when, rather than if, the first serious breach occurs. The FCA seems utterly clueless in this area. There's no way that sites like eMoneyUnion should be allowed to operate in their current state.

